To avoid confusion we will use the term security to refer overall problem, and the term protection mechanism to refer the specific operating system mechanism used to safeguard information in the computer.

Fist we will look at security to see what nature of the problem is.

Later on in the chapter we will look at the protection mechanism and models available to help achieve security.

To make this clearer, consider an encryption algorithm in which each letter is replaced by a different letter, for example, all As are replaced by Qs, and all Bs are replaced by Ws, all Cs are replaced by Es and so on. Like this:

Plain text: ABCDEFGHIJKLMNOPQRSTUVWZ

Chipher-text: QWERTYUIOPASDFGHJKLZXCVBNM

This general system is called a mono-alphabetic substitution (yerine koyma); for example the plaintext ATTACK would be transformed into the chipper text QZZQEA.

Question 2: what is the square root of 3912571506419387090594828508241?

Encryption makes use of the easy operations but decryption without the key requires you perform the hard operation.

A public key system called RSA exploit the fact that multiplying by numbers is much easier for a computer to do than factoring big numbers, especially when all arithmetic is done using modulo arithmetic and all numbers involved have hundreds of digits..

There are various situations that we will see later in which it is desirable some functions, f, which means has property that given f and its parameters x, computing y=f(x) is easy to do, but given only f(x), finding x is computationally in feasible (initialize y to x).

Then it could have a loop that iterates a many as times as there are 1 bits in x, with each iteration permuting bits of y in an iteration-dependent way, adding in a different constant on each iteration, and generally mixing the bits up very thoroughly.

Once a cracker has broken into a system and become super user, it may be possible to install a packet signifier, software that exams all incoming and outgoing network packets looking certain patterns.

Increasingly many breaks ins are being done by technically naive who are just running scripts they found on the Internet. These scripts either use brute forces attacks of the type described above, or try to exploit known bugs in specific programs. Real hacker refer to them as script kiddies.

The second method for authenticating a user is to check for some physical object they have rather than something they know (like door keys).

Chip cards contain an integrated circuit (chip) on them.

These card can be subdivided into two categories: stored value cards and smart cards.

Stored value cards contain a small amount of memory (usually less than 1 KB) using EEPROM technology to allow the value to be remembered when the card is removed from the reader and thus the power turned off.

However, nowadays, much security work is being focused on the smart cards which currently have something like-a 4- MHz 8-bit CPU, 16 KB of ROM , 4 KB of EEPROm, 512 bytes of starching RAM and 9600 –bpsd communication channel to the reader.

In any event with or without call back, the system should take at least 5 seconds to check any password typed in on a dial-up line, and should increase this time after several consecutive unsuccessful login attempts.

All logins should be recorded and reported.

The next step is lying baited traps to catch intruders (A simple schema is to have one special login name with an easy password and then the security manager can see who is the intruder).

Other traps can be easy-to-find bugs in the OS and similar things, designed for the purpose of catching intruders in the act.

One insiders attack is the Trojan horse, ,in which a seemingly innocent program contains code to perform an unexpected and undesirable function.

This function might be modifying, deleting or encrypting the user’s files, copying them to a place where the cracker can retrieve them later, or even sending them to a cracker or a temporary safe hiding place via email or FTP.

Examples of a polymorphic virus, All of these examples do the same thing

Calculation code of X=A+B+C-4).

Do the same thing but NOPs inserted.

Virus uses ( c) instead of (a) and still works; A virus that mutates on each copy is called a polymorphic virus. (d) and (e) does the same. (A mutilator engine changes code without changing its function)

In the fist line, the user Susan has setup her permission files; the www. taxre .com have read access to 1040.xls.

In addition to applets from all sources, whether signed or not can read and write files in /usr/tmp.

Furtherer more Susan also t h rust Microsoft enough to allow applets originating at its site read and writes to update or fix bugs. Trusted companies must signed their certificate ant necessary public key must be on her disk.

Files are not the only source that can be protected (other sources also)